Sign commits with GPG key

Hello,

I am facing an issue with GitHub's Vigilant mode which displays my commits via Node-RED as unverified due to their lack of signature. As a feature request, I would like to suggest the possibility of adding GPG keys similar to SSH keys, and if a key is provided, all commits should be automatically signed. To achieve this on my development machine for my other repos, I use the following shell commands:

git config --global --unset gpg.format
git config --global user.signingkey <keyid>
git config --global commit.gpgsign true

Thank you.

Surely, if you run that in the project's folder, you will get what you want?

I have no access to shell on the machine running node-red

Actually, you do - unless whoever is managing Node-RED has blocked the exec command. :grinning:

/bin/bash: line 1: gpg: command not found

Node-RED is running as a docker container, I cannot change the image or something else.

You would almost certainly need to know the full path since you probably won't have any of the expected path environment variables set inside the container.

On my Linux system, for example, the git command is actually /usr/bin/git so try an exec with that.